Apple has finally released patches for bugs in Leopard’s iCal application seven days after Core Security Technologies published the vulnerabilities.
Last Wednesday, Researchers from Core grew weary of waiting for Apple to release a patch for vulnerabilities in Apple’s iCal application, which they discovered several months ago. Three of the vulnerabilities affected iCal v3.0.1 that comes as standard with Mac OS X 10.5.1 with one other bug found in iCal Server, a component of Mac OS X Server.
Core first got in touch with Apple on January 30th of this year to let the company know they had discovered vulnerabilities in the iCal application and iCal server. After claiming the problem was not with the iCal server but the Wiki Server, Apple patched the server bug with its March update, however no other patches were released for the iCal bugs.
Amid constant requests for more time and changes to the release date, Apple Apple contested the severity of two of the three iCal vulnerabilities while Core maintained that all three of the flaws were serious. Eventually core decided to go ahead and publish the results despite the release of an Apple patch.
It seems that yesterdays update has done the trick and according to eweek, patches for the iCal application were among 40 other fixes for Mac OS X components including iChat, Mail, Address Book, AirPort, Automator, Parental Controls, Spaces, Time Machine and VoiceOver.